FYI HEAD now refuses <1024 bit DH keys in group-exchange
Damien Miller
2015-10-16 19:07:44 UTC
Hi,

I just committed a change to HEAD that raises the minimum Diffie-Hellman
group size that the client will accept from 1024 to 2048 bits.
Connections to well-behaved servers should not be affected by this
change, but I've identified at least one case where a misconfigured
ssh_dispatch_run_fatal: Connection to 10.1.1.1: DH GEX group out of
range
The problematic software is OpenSSH <3.9 or Sun_SSH (all versions).
It will use a fixed 1024 bit DH group as an implicit fallback if
/etc/ssh/moduli is missing, unreadable or empty.

Hopefully nobody is still using such an ancient OpenSSH (>10 years
old!), so the Sun_SSH case is more likely. If this change prevents you
from connecting to a server, then the workaround is to explicitly use
the weak diffie-hellman-group1-sha1 key exchange method to connect, i.e.

ssh -oKexAlgorithms=diffie-hellman-group1-sha1 ***@host

Once you are logged in, restore a good /etc/ssh/moduli (you can copy
one from OpenSSH HEAD[1]), log out and try to log in again without the
KexAlgorithms option. It should work fine.

We always appreciate reports from people who are able to test HEAD in
their environments and I'm particularly interested in reports of similar
failures.

-d

[1] https://anongit.mindrot.org/openssh.git/plain/moduli
Ángel González
2015-10-16 21:58:33 UTC
Post by Damien Miller
Hi,
I just committed a change to HEAD that raises the minimum Diffie-Hellman
group size that the client will accept from 1024 to 2048 bits.
Connections to well-behaved servers should not be affected by this
change, but I've identified at least one case where a misconfigured
ssh_dispatch_run_fatal: Connection to 10.1.1.1: DH GEX group out of
range
The problematic software is OpenSSH<3.9 or Sun_SSH (all versions).
It will use a fixed 1024 bit DH group as an implicit fallback if
/etc/ssh/moduli is missing, unreadable or empty.
Thanks for the heads-up.
We know that people will find that a bit cryptic. What about showing a
message like:
"A Diffie-Hellman group of %d bits is too weak. Does the server have a
/etc/ssh/moduli file with suitable values?"

Best regards
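
An added example (not part of the thread and not OpenSSH code) for the server-side condition both messages refer to: a shell function that reports whether a moduli file is missing, empty, or holds only groups below a chosen minimum. It assumes the seven-field layout from moduli(5) and that the size field is stored as bits minus one, as in OpenSSH-generated files; `check_moduli` and its exit codes are names chosen here.

```shell
#!/bin/sh
# Added example: audit a moduli file for the fallback condition in the thread.
# Assumed entry layout (moduli(5)), whitespace separated:
#   time type tests tries size generator modulus
# Assumption: size is recorded as (bits - 1), e.g. 2047 for a 2048-bit prime.

# check_moduli FILE [MIN_BITS]
# Prints a one-line summary. Exit status:
#   0 = at least one entry of MIN_BITS or more
#   1 = file missing, unreadable or without entries (the fallback case)
#   2 = entries exist but all are below MIN_BITS
check_moduli() {
    file=$1
    min=${2:-2048}
    if [ ! -r "$file" ]; then
        echo "$file: missing or unreadable"
        return 1
    fi
    awk -v min="$min" -v f="$file" '
        NF == 0 || $1 ~ /^#/ { next }        # skip blank lines and comments
        NF != 7              { bad++; next } # malformed entry, not counted
        {
            total++
            if ($5 + 1 >= min) ok++
        }
        END {
            printf "%s: %d entries, %d >= %d bits, %d malformed\n",
                   f, total, ok, min, bad
            if (total == 0) exit 1
            if (ok == 0) exit 2
            exit 0
        }' "$file"
}

# Demo on a constructed two-entry file (moduli shortened, not real primes).
demo=$(mktemp)
printf '%s\n' '20150101000000 2 6 100 1023 2 F00D' \
              '20150101000000 2 6 100 2047 5 BEEF' > "$demo"
check_moduli "$demo" 2048 || true
rm -f "$demo"
```

Run it against the server's own file, e.g. `check_moduli /etc/ssh/moduli 2048`, before retrying the connection without the KexAlgorithms override.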
